First, thanks for reading!

pls see my scenario below:


1. I want do limitation to one IP. let say 172.16.31.89. so, i do mangle(connection-mark and packet-mark) in prerouting(upload) and postrouting(download) with Passthrought=NO and then apply it in global-in(upload), global-out(download) in Queue Tree. i also set limit-at to 32k and max-limit to 128k for both download and upload traffic. please refer to below config:

>ip mangle print
82 ;;172.16.31.89-conn-down
chain=postrouting action=mark-connection new-connection-mark=chanty-conn-download passthrough=yes src-address=172.16.31.89

83 ;;172.16.31.89-pack-down
chain=postrouting action=mark-packet new-packet-mark=chanty-packet-download passthrough=no connection-mark=chanty-conn-download

84 ;;172.16.31.89-conn-up
chain=pretrouting action=mark-connection new-connection-mark=chanty-conn-upload passthrough=yes src-address=172.16.31.89

85 ;;172.16.31.89-pack-up
chain=prerouting action=mark-packet new-packet-mark=chanty-packet-upload passthrough=no connection-mark=chanty-pack-upload

>queue tree print

86 name="chanty-inner-download" parent=Total-Download packet-mark="" limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

87 name="chanty-inner-upload" parent=Total-Upload packet-mark="" limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

64 name="chanty-down" parent=chanty-inner-download packet-mark=chanty-packet-download limit-at=100000 queue=default priority=8 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s

65 name="chanty-up" parent=chanty-inner-upload packet-mark=chanty-packet-upload limit-at=100000 queue=default priority=8 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s

2. I want to give priority to incoming ICMP traffic. so, i do mangle(packet-mark only) in both prerouting(upload) and postrouting(download) specifying Protocol=ICMP.

>ip firewall mangle print
0 ;;; icmp-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=yes protocol=icmp

1 ;;; icmp-packet-download
chain=postrouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=yes protocol=icmp

>queue tree print

66 name="icmp-priority-download" parent=chanty-inner-upload packet-mark=icmp-packet-upload limit-at=28000 queue=default priority=2 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s

67 name="icmp-priority-download" parent=chanty-inner-download packet-mark=icmp-packet-download limit-at=28000 queue=default priority=2 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s

My problem is ICMP cannot get priority. Everytime, i try to test full download or upload, ICMP will get a lot delay time.

can anyone please advise on the configuration?

Thanks,

anyone has any idea?
i have been looking around like Doc and this forum, but i can not find the answer.

OK - take a look at diagram:
http://wiki.mikrotik.com/wiki/Packet_Flow


1) As you can see all traffic is going thought the prerouting and postrouting - so there are no actual need to mark traffic into 2 different places
2) packet can have only one -packet mark at the same time
3) Priority doesn't work without limitation


So the plan for you might be to mark by traffic type in prerouting and limit by traffic type in global-in.
Then remark traffic by IP addresses in forward and limit them on the outgoing interface.

set passthrough=no to ICMP


p.s. if "3) Priority doesn't work without limitation" how does PCQ work without setting a max-limit and limit-at ?!

PCQ and priority are different things

If my queue is pcq type, as the equal-sharing example, the priority will not work and all will get same priority (round robin) ? Must I switch to sfq for priority to work?

YES, we can limit the traffic by mark-packet in forward only and do queue in outgoing interface (upload) and incoming interface(download).

if i mark traffic type like ICMP or other protocols in prerouting in order to give priority, ICMP will get a good ping result even thought I DID NOT GIVE PRIORITY OR QUEUE in Queue Tree yet. i think there is problem with packet-mark. please advise!

My purpose is to limit one IP to 128k(download) and 128k(upload). and i want to give priority to some specific protocols like ICMP generated by the IP. So, even the bandwidth of the IP is full, the protocol which is given 1st priority will have good result in the scope of 128k(download) and 128k(upload). i would also want to apply this policy either globally(root) or specifically(inner-leaf).

showing configuration example would be appreciated!!

icmp gets priority because all other traffic already has queues. traffic that does not have queues gets priority. This is mentioned in the manual. p.s. I want to see example with inner leaf (subqueue in the Queue Tree)

If i do like that, my customer(the IP) will get extra bandwidth if he uses ICMP or other protocols that i gave priority. i don't think it is the way to go.

please add more!!

You are right - it there is no Queue in the tree for certain packets - they will escape the max-limit of that Queue. The meaning of the previous post is: you were seeing good pings because of this behavior, but you should not configure your router like that.

I think what macgaiver is saying is the right answer. His suggestion means that you will have different Queue Trees - one for bandwidth limitation of the users, and another for the QoS/priorities.

First, thanks for reading!

pls see my scenario below:


1. I want do limitation to one IP. let say 172.16.31.89. so, i do mangle(connection-mark and packet-mark) in prerouting(upload) and postrouting(download) with Passthrought=NO and then apply it in global-in(upload), global-out(download) in Queue Tree. i also set limit-at to 32k and max-limit to 128k for both download and upload traffic. please refer to below config:

>ip mangle print
82 ;;172.16.31.89-conn-down
chain=postrouting action=mark-connection new-connection-mark=chanty-conn-download passthrough=yes src-address=172.16.31.89

83 ;;172.16.31.89-pack-down
chain=postrouting action=mark-packet new-packet-mark=chanty-packet-download passthrough=no connection-mark=chanty-conn-download

84 ;;172.16.31.89-conn-up
chain=pretrouting action=mark-connection new-connection-mark=chanty-conn-upload passthrough=yes src-address=172.16.31.89

85 ;;172.16.31.89-pack-up
chain=prerouting action=mark-packet new-packet-mark=chanty-packet-upload passthrough=no connection-mark=chanty-pack-upload

>queue tree print

86 name="chanty-inner-download" parent=Total-Download packet-mark="" limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

87 name="chanty-inner-upload" parent=Total-Upload packet-mark="" limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

64 name="chanty-down" parent=chanty-inner-download packet-mark=chanty-packet-download limit-at=100000 queue=default priority=8 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s

65 name="chanty-up" parent=chanty-inner-upload packet-mark=chanty-packet-upload limit-at=100000 queue=default priority=8 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s

2. I want to give priority to incoming ICMP traffic. so, i do mangle(packet-mark only) in both prerouting(upload) and postrouting(download) specifying Protocol=ICMP.

>ip firewall mangle print
0 ;;; icmp-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=yes protocol=icmp

1 ;;; icmp-packet-download
chain=postrouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=yes protocol=icmp

>queue tree print

66 name="icmp-priority-download" parent=chanty-inner-upload packet-mark=icmp-packet-upload limit-at=28000 queue=default priority=2 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s

67 name="icmp-priority-download" parent=chanty-inner-download packet-mark=icmp-packet-download limit-at=28000 queue=default priority=2 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s

My problem is ICMP cannot get priority. Everytime, i try to test full download or upload, ICMP will get a lot delay time.

can anyone please advise on the configuration?

Thanks,

Forget Priority here !! we tried hard to get the same results , giving ICMP highest priority without any hope ..

at last i made it with a very simple way , tested and working great :

1- mangle ICMP packet with passthru=no , put it at the top of mangle rules.
2- at Q , put a simple Q for ICMP packets .
3- use a script to keep that simple Q at the top of Q rules .

now each user ( IP ) will get a normal ICMP even if he filled his MAX RATE ..

Have you upgraded to ver 3.17?

There is still hope. RouterOS could have a bug/faulty hardware. Best practice - contact support if something is misbehaving, because history has shown - some Queues stop working in some versions of RouterOS. Then paste entire configuration here

Also, IP is complex. There is STILL a possibility of misconfiguration, and/or dependence on queue processing on other equipment in the network!

Please some guy with 10+ years of pro networking experience back me up on this, or MikroTik paranoia will take over everyone

Actually I'm starting a new thread on the subject : http://forum.mikrotik.com/viewtopic.php?f=2&t=28383

By doing mangle ICMP with passthrought=NO, we will extra bandwidth to customer (the IP).
it should be ok since ICMP will eat a little bandwidth only.

How about other protocol which will eat a lot of bandwidth like VoIP, Video Conferencing?
i mean those protocol that need be prioritied.

Is ROS3.17 really help? I don't think so because the configuration will be the same.

please add more!!

I just answered your question which is

My problem is ICMP cannot get priority. Everytime, i try to test full download or upload, ICMP will get a lot delay time.

can anyone please advise on the configuration?

according to http://forum.mikrotik.com/viewtopic.php ... &start=100 as below:

here is from janis

In my presentation I told that creating priorities seperatly for each client is suicide - there are no hardware that can handle small queue tree for every user (if you have 1000 of them). So in my presentation I discuse next best thing, that is close as possible to desired behaviour.

The main Idea of the setup is to have two separate QoS steps.

1) in the first step we prioritize traffic, we are making sure that traffic with higher priority have more chance to get to the custumers than traffic with the lower priority.

Example:
we have total of 100Mbps available, but clients at this particular moment would like to receive 10Mbps of Priority=1 traffic 20Mbps of Priority=4 and 150Mbps of Priority=8.

Of course after our prioritization and limitaion 80Mbps of priority=8 will be droped. And only 100Mbps will get to the next step


2) next step is per-user limitation, we already have only higher priority traffic, but now we must make sure that some user will not overuse it, so we have PCQ with limits

This way we get virtually the same behaviour as "per user prioritization"

here is from nomis

QoS includes several facilities, in the following order:

1. mangle chain prerouting
2. HTB global-in
3. Mangle chain forward
4. Mangle chain postrouting
5. HTB global-out
6. HTB out interface

so, inside one router, you can do shape twice if you use:

a) #1 and #2 for first marking and shaping, and #3+#5 for second
b) #1 and #2 for first marking and shaping, and #3+#6 for second
c) #1 and #2 for first marking and shaping, and #4+#5 for second
d) #1 and #2 for first marking and shaping, and #4+#6 for second

i have made some testing configuration as below:

>ip firewall mangle print
0 ;;; icmp-packet
chain=prerouting action=mark-packet new-packet-mark=icmp-packet
passthrough=no protocol=icmp

133 ;;; test-conn
chain=forward action=mark-connection new-connection-mark=test-conn
passthrough=yes src-address=172.16.31.89

134 ;;; test-packet
chain=forward action=mark-packet new-packet-mark=test-packet
passthrough=no connection-mark=test-conn

> queue tree print

118 name="icmp-priority" parent=global-in packet-mark=icmp-packet limit-at=0
queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

119 name="test-user-download" parent=vlan5-noc packet-mark=test-packet
limit-at=128000 queue=pcq-128k-down priority=8 max-limit=128000
burst-limit=0 burst-threshold=0 burst-time=0s

0 name="test-user-upload" parent=ether2-Outside packet-mark=test-packet
limit-at=128000 queue=pcq-128k-up priority=8 max-limit=128000 burst-limit=0
burst-threshold=0 burst-time=0s

> queue type print

13 name="pcq-128k-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=5000

14 name="pcq-128k-down" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=5000

BUT icmp still has high reply time.

Am i doing the right configuration?

1) you need to mark all traffic at the same place (prerouting)

2) you must mark upload and download for every type of traffic seperatly

3) you need to limit traffic at the same place (parent=global-in)

4) you must have a parent queue, that have max-limit and parent=global-in - all other queues parent=<parent>

5) don't forget you need 2 sets of those queues - one for upload one for download

Here we go

> ip firewall managle print

136 ;;; icmp-packet-download
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=no protocol=icmp

137 ;;; icmp-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=no protocol=icmp in-interface=vlan5-noc

138 ;;; test-conn
chain=prerouting action=mark-connection new-connection-mark=test-conn passthrough=yes src-address=172.16.31.89

139 ;;; test-packet-upload
chain=prerouting action=mark-packet new-packet-mark=test-packet-upload passthrough=no in-interface=vlan5-noc connection-mark=test-conn

140 ;;; test-packet-download
chain=prerouting action=mark-packet new-packet-mark=test-packet-download passthrough=no connection-mark=test-conn

> queue tree print

118 name="icmp-priority-upload" parent=test-parent-upload packet-mark=icmp-packet-upload limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

119 name="test-user-download" parent=test-parent-download packet-mark=test-packet-download limit-at=128000 queue=pcq-128k-down priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

120 name="test-parent-upload" parent=global-in packet-mark="" limit-at=0 queue=default priority=8 max-limit=45000000 burst-limit=0 burst-threshold=0 burst-time=0s

121 name="test-parent-download" parent=vlan5-noc packet-mark="" limit-at=0 queue=default priority=8 max-limit=45000000 burst-limit=0 burst-threshold=0 burst-time=0s

122 name="icmp-priority-download" parent=test-parent-download packet-mark=icmp-packet-download limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

> queue type print

13 name="pcq-128k-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=5000

14 name="pcq-128k-down" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=5000

is it correct?

1) switch 136 <--> 137

2) there should 6 rules in queue tree

Upload-parent
--ICMP upload
--Other upload

Download parent
--ICMP download
--Other download

3) specify limit-at and max-limit to all ICMP and Other queues.

Ok, corrected. pls see below:

>ip firewall mangle print
136 ;;; icmp-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=no protocol=icmp

137 ;;; icmp-packet-download
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=no protocol=icmp in-interface=vlan5-noc

138 ;;; test-conn
chain=prerouting action=mark-connection new-connection-mark=test-conn passthrough=yes src-address=172.16.31.89

139 ;;; test-packet-upload
chain=prerouting action=mark-packet new-packet-mark=test-packet-upload passthrough=no in-interface=vlan5-noc connection-mark=test-conn

140 ;;; test-packet-download
chain=prerouting action=mark-packet new-packet-mark=test-packet-download passthrough=no connection-mark=test-conn

>queue tree print

120 name="test-parent-upload" parent=global-in packet-mark="" limit-at=10000000 queue=default priority=8 max-limit=45000000 burst-limit=0 burst-threshold=0 burst-time=0s

118 name="icmp-priority-upload" parent=test-parent-upload packet-mark=icmp-packet-upload limit-at=128000 queue=default priority=2 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

0 name="test-user-upload" parent=test-parent-upload packet-mark=test-packet-upload limit-at=128000 queue=pcq-128k-up priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

121 name="test-parent-download" parent=vlan5-noc packet-mark="" limit-at=10000000 queue=default priority=8 max-limit=45000000 burst-limit=0 burst-threshold=0 burst-time=0s

122 name="icmp-priority-download" parent=test-parent-download packet-mark=icmp-packet-download limit-at=128000 queue=default priority=2 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

119 name="test-user-download" parent=test-parent-download packet-mark=test-packet-download limit-at=128000 queue=pcq-128k-down priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

>queue type print

13 name="pcq-128k-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=5000

14 name="pcq-128k-down" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=5000

Is it correct?

again

1) rule 137 will not get any traffic you need to put it before rule 137

2) max-limit is limit for whole queue are you sure that you allow only 128k to ALL your users together? (in test-user-upload)

3) global-in for both parents

Do you make some tests? or you just paste your configuration? You should be able to debug it yourself, just by testing it.

mknnoc , when the test-user hit the 128k , there will be no room for any traffic even it has the highest priority , so priority will work when you dont really need it , and it doesnt work when you need it .. actually nothing will help when test-user hit the 128k , this is an important principle i'd learn here !!!!!!! you can check another topic about priority to confirm this fact..

if ICMP is your problem so : isolate it , exclude it by mangle , give it a simple unlimited queue , put this q always on top of other simple q's , it wont take much bandwidth at all ..

Thanks Samsoft for your suggestion! i will use it for my last resort.

anyway, here corrected and tested configuration:

>ip firewall mangle print

136 ;;; icmp-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=no protocol=icmp in-interface=vlan5-noc

137 ;;; icmp-packet-download
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=no protocol=icmp

138 ;;; test-conn
chain=prerouting action=mark-connection new-connection-mark=test-conn passthrough=yes src-address=172.16.31.89

139 ;;; test-packet-upload
chain=prerouting action=mark-packet new-packet-mark=test-packet-upload passthrough=no in-interface=vlan5-noc connection-mark=test-conn

140 ;;; test-packet-download
chain=prerouting action=mark-packet new-packet-mark=test-packet-download passthrough=no connection-mark=test-conn

>queue tree print

120 name="test-parent-upload" parent=global-in packet-mark="" limit-at=128000 queue=default priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 burst-time=0s

121 name="test-parent-download" parent=global-in packet-mark="" limit-at=128000 queue=default priority=8 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

122 name="icmp-priority-download" parent=test-parent-download packet-mark=icmp-packet-download limit-at=128000 queue=default priority=2 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

118 name="icmp-priority-upload" parent=test-parent-upload packet-mark=icmp-packet-upload limit-at=128000 queue=default priority=2 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

119 name="test-user-download" parent=test-parent-download packet-mark=test-packet-download limit-at=128000 queue=defaul priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

0 name="test-user-upload" parent=test-parent-upload packet-mark=test-packet-upload limit-at=128000 queue=default priority=8 max-limit=256000 burst-limit=0 burst-threshold=0 burst-time=0s

>queue type print

13 name="pcq-128k-up" kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=5000

14 name="pcq-128k-down" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=5000

My testing procedures are:

1. try to use full bandwidth
result: all are good. ICMP can get good result.
2. try to disable(#122,#188) priority and shapping of ICMP packet, and use full bandwidth
result: user can get the top speed (D:128k,U:256k) BUT ICMP still good. i think mangle excluded ICMP from user connection already as Samsoft said

if ICMP is your problem so : isolate it , exclude it by mangle , give it a simple unlimited queue , put this q always on top of other simple q's , it wont take much bandwidth at all ..

3. try to change from ICMP to HTTP protocol. just to make sure that user cannot use over the bandwidth as Janisk said

This way we get virtually the same behaviour as "per user prioritization"

Here is new configuration:

>ip firewall mangle print

136 ;;; http-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=no protocol=tcp in-interface=vlan5-noc dst-port=80

137 ;;; http-packet-download
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=no protocol=tcp dst-port=80

>queue tree print

118 name="http-priority-upload" parent=test-parent-upload packet-mark=icmp-packet-upload limit-at=128000 queue=default priority=2 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

122 name="http-priority-download" parent=test-parent-download packet-mark=icmp-packet-download limit-at=128000 queue=default priority=2 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s
result: user can use over bandwidth. that mean, PCQ can not help.

anyone please??

i am waiting for the answer or suggestion. anyone???

Here's the answer my friend. Set queue=pcq-*** to all childs. Adjust it according to upload and according to download - to separate queue types. Then PCQ will work like a charm. Tested and will probably use it for the future like this.

Sorry that make you confuse about my configuration. actually, i have been used queue=pcq-*** for test-user-upload and test-user-download. i pasted wrong config, which is queue=default, to the post.

however, i have tested with queue=pcq-***. but customer still can uses over bandwidth if i do HTTP priority.

The reason is because due to HTB structure and queue lengths (pcq-limit, pcq-total-limit) the traffic which gets more bandwidth is able to push more packets. I had the same problem with my dedicated p2p machine. Remarked it's traffic and problem was solved.

In your case you must be more careful to adjust pcq-limit and pcq-total-limit. Or you could separate QoS from PCQ. Leave this setup for QoS and raise all limit-at values. Add another marking and another Queue Tree for PCQ.

QoS includes several facilities, in the following order:

1. Mangle chain prerouting
2. HTB global-in
3. Mangle chain forward
4. Mangle chain postrouting
5. HTB global-out
6. HTB out interface

So, in one router, you can shape twice if you use:

a) #1 and #2 for first marking and shaping, and #3+#5 for second
b) #1 and #2 for first marking and shaping, and #3+#6 for second
c) #1 and #2 for first marking and shaping, and #4+#5 for second
d) #1 and #2 for first marking and shaping, and #4+#6 for second

In my presentation I told that creating priorities separately for each client is suicide - there is no hardware that can handle small queue tree for every user (if you have 1000 of them). So in my presentation I discuss next best thing, which is close as possible to desired behavior.

The main Idea of the setup is to have two separate QoS steps:

1) In the first step we prioritize traffic, we are making sure that traffic with higher priority has more chance to get to the customers than traffic with lower priority.

Example:
We have total of 100Mbps available, but clients at this particular moment would like to receive 10Mbps of Priority=1 traffic 20Mbps of Priority=4 and 150Mbps of Priority=8.
Of course after our prioritization and limitation 80Mbps of priority=8 will be dropped. And only 100Mbps will get to the next step.

2) Next step is per-user limitation, we already have only higher priority traffic, but now we must make sure that some user will not overuse it, so we have PCQ with limits.

This way we get virtually the same behavior as "per user prioritization".

So the plan for you might be to mark by traffic type in prerouting and limit by traffic type in global-in.
Then remark traffic by IP addresses in forward and limit them on the outgoing interface.

1) you need to mark all traffic at the same place (prerouting) (that would be shaped by one Queue)
2) you must mark upload and download for every type of traffic separately (if you use global-total or Queue Simple)
4) you must have a parent queue, that has max-limit and parent=global-in - all other queues parent=<parent>
5) you need 2 sets of those queues - one for upload one for download

Priority doesn't work without limitation.

Each simple queue creates 3 separate queues:
One in global-in (“direct” part)
One in Global-out (“reverse” part)
One in Global-total (“total” part)
Simple queues are ordered - similar to firewall rules
further down = longer packet processing
further down = smaller chance to get traffic
(necessary to reduce number of queues)

Queuing Placement
Limitation for in mangle chain “forward” marked traffic can be placed in the “global-out” or interface queue

If queues will be placed in the interface queues
queues on the public interface will capture only client upload
queues on the local interface will capture only client's download

If queues will be placed in global-out
download and upload will be limited together (separate marks needed)

I shape Inbound Traffic
The key is to set your upper limit about 15% lower than your service can push.
so if I had 10Mbps from my supplier I would set my top to 9Mbps.

i think if you just do the queue tree and the MAIN QUEUE for upload and the MAIN QUEUE for download for an example 95% of your total down/up bandwidth the priorities and qos should work better coz they will have some room to work.

i think if you just do the queue tree and the MAIN QUEUE for upload and the MAIN QUEUE for download for an example 95% of your total down/up bandwidth the priorities and qos should work better coz they will have some room to work.

Take a look at:
http://wiki.mikrotik.com/wiki/HTB
to be more precise at:
http://wiki.mikrotik.com/wiki/Image:Stage1_1.jpg

Queue01 have max-limit=50M and have 2 children Queue02 and Oueue08 with max-limit=49M
Queue08 have max-limit=49M and have 2 children Queue09 and Oueue12 with max-limit=47M
Queue09 have max-limit=47M and have 2 children Queue10 and Oueue11 with max-limit=45M

This way if one child queue use all available traffic, other child queue will have a "room to work". this I was trying to explain by:

Imagine you are in metro train and in the next station granny is waiting.
Granny is highest priority and as soon as she will get into train someone for sure will give her a place to sit. (at least where I'm from)
Now imagine that train is so full, that granny will not even get into train, so at this point it doesn't matter what priority granny had, she is staying on the station.
But if train was only 95% full granny will have no problems to get in and use her highest priority.

and this

Imagine high-speed road with lots of traffic on it, and there are one car coming from side road and need to get on the main high-speed road. In order to make it much more easier you need an acceleration line - where car can build up speed to main roads speed and then blend into rest of the traffic. If there are no acceleration line, this car will have hard time getting on the main road.

If there are 100% of traffic used - similar to situation without acceleration line
If there are 95% and less of traffic used - similar to situation with acceleration line

As i know so far, Priority will work only if bandwidth is full(100%). isn't it?

Packet rearrangement occurs in a well built HTB/Queue. Priorities determine which child leaf gets the available limit-at/max-limit of it's parent. First prio 1 gets it's traffic, then 2, then 3 etc to 8 for limit-at. After this is done first prio 1 gets for max-lmit, then prio 2 gets for max-limit etc.

You're kinda wrong. Packets of one connection can not/must not get rearranged, their order must be preserved. We are talking about bandwidth here and packet discarding, not moving forward and backward.... I am confused

well, packet rearrangement inside a single connection is normal, it's what TCP was developed for =) but in normal situation packets from one connection should not have different priorities, so they won't be rearranged

Could anyone answer to my post?
http://forum.mikrotik.com/viewtopic.php?f=2&t=43615

Please help.......